Reference Guide
Usage Information
The show crypto ipsec policy command output displays the AH and ESP
parameters configured in IPsec security policies, including the SPI number, keys, and
algorithms used.
When configured in a helper-reject role, an OSPFv3 router ignores the Grace LSAs that it
receives from a restarting OSPFv3 neighbor.
Table 4. show crypto ipsec policy Command Description
Field Description
Policy name Displays the name of an IPsec policy.
Policy refcount Number of interfaces on the router that
use the policy
Inbound ESP SPI
Outbound ESP SPI
The encapsulating security payload (ESP)
security policy index (SPI) for inbound and
outbound links.
Inbound ESP Auth Key
Outbound ESP Auth Key
The ESP authentication key for inbound
and outbound links.
Inbound ESP Cipher Key
Outbound ESP Cipher Key
The ESP encryption key for inbound and
outbound links.
Transform set
The set of security protocols and
algorithms used in the policy.
Inbound AH SPI
Outbound AH SPI
The authentication header (AH) security
policy index (SPI) for inbound and
outbound links.
Inbound AH Key
Outbound AH Key
The AH key for inbound and outbound
links.
Example
Dell#show crypto ipsec policy
Crypto IPSec client security policy data
Policy name : OSPFv3-1-502
Policy refcount : 1
Inbound ESP SPI : 502 (0x1F6)
Outbound ESP SPI : 502 (0x1F6)
Inbound ESP Auth Key : 123456789a123456789b123456789c12
Outbound ESP Auth Key : 123456789a123456789b123456789c12
Inbound ESP Cipher Key :
123456789a123456789b123456789c123456789d12345678
Outbound ESP Cipher Key :
123456789a123456789b123456789c123456789d12345678
Transform set : esp-3des esp-md5-hmac
Crypto IPSec client security policy data
1502
Open Shortest Path First (OSPFv2 and OSPFv3)